Re: CDPATH and shell scripts
Mike Hommey <email@example.com> writes:
> On Thu, Jul 02, 2009 at 02:26:21PM -0700, Russ Allbery wrote:
>> Jonathan Yu <firstname.lastname@example.org> writes:
>> > How to fix them? Write Perl scripts, and turn on taint checking --
>> > that fixes the four issues above, because it makes the script exit if
>> > any of them look dangerous. Env::Sanctify::Auto is a Perl module that
>> > automatically cleans up the paths.
>> > My advice:
>> > 1. Write scripts that might be run as root (or setuid root) using Perl
>> > 2. Turn on taint checking
>> > 3. Consider using Env::Sanctify::Auto (shameless plug)
>> I would really prefer that people not start writing maintainer scripts
>> in Perl as a matter of course. Perl is harder to analyze for programs
>> like lintian than shell scripts (which are already hard enough).
> I wonder, do dpkg unset these variables when running maintainer scripts?
> That could be a good idea if it doesn't already.
It does not, at least not specifically. Nor do nearly all shell
scripts in /usr/bin.
And think of what fun that would be to debug for a debconf using
package. Suddenly debconf gets told some paths and errors out.